Secrets Tab
Allows importing, generating, keeping, modifying, and exporting secrets in CORE.
By default, the max plain-text size of a secret is 4000 Bytes. To change this limit, refer to the static system setting inSystem Static Properties.
Partition SO
Security officer - UKC partition administrator role. ˃ Secrets
→ presents the following:
- Create button. See New Secret.
- Import button. See Import Secret File.
- Table of Secrets.
Table of Secrets
Each row in the table presents the following attributes:
- Name of the secret.
- UID - of the secret.
- Groups - Membership in Key-Groups.
- Last changed - timestamp of the last change.
- [
] - see Commands.
New Secret
Security officer - UKC partition administrator role. ˃ Secrets ˃ Create→ The New Secret dialog appears.
- Name - mandatory. See Name and Description.
- Description - optional.
- Groups - As needed, specify membership in the key groups. See Membership in Key-Groups. You can select the group name from the drop-down list or create it on the spot by typing a new name. In such a case, the new key group name shall be added to the list of the available key groups.
- Secret generation method ▼
- Entered manually.
- Generated by the system.
To generate a secret that complies with NIST.SP.800-63b password randomness and complexity requirements:
- Select Generate random secret - to assure the randomness of characters.
- Specify the minimum length - to comply with the minimum password length requirements.
- Check the Must include box - to ensure the presence of a special character(s) in the random mix of the upper- and lower-case letters and digits.
Warning
The system allows reusing the same secret name in a partition unless the Enforce-unique setting specifies the mandatory name uniqueness. If you choose to reuse the name, accessing the secret using its name may produce ambiguous results.
Note
The absence of the description does not violate the Enforce-unique requirement.
Note
Every secret is a permanent member of the default key group. This membership can't be revoked.
A secret can be:
Import Secret File
Partition SOSecurity officer - UKC partition administrator role. ˃ Secrets ˃ Import
→ The Import Secret File dialog appears:
- The Browse button prompts you to select the file whose content shall be stored as the secret material
- For the Name, Description, and Groups, see the New Secret dialog.
Commands
Partition SOSecurity officer - UKC partition administrator role. ˃ Secrets ˃ select Secret ˃ []
→ The list of commands appears.
- Edit - Allows changing the secret's metadata: name, description, and group-tag assignment.
- Edit as text - Allows inspecting and modifying the secret if it is UTF-8UTF-8 is character encoding scheme that includes and is backwards compatible with ASCII encoded. Otherwise, use the following steps:
- Export - This function exports a secret to the <secret-name>.secret file in the browser's default folder. the secret to a file.
- Use its appropriate editor to modify its content.
- Save it in the CORE by using the Replace the content with the file command.
- Replace the content with the file - Use this function to replace the secret's content with the content of the specified file.
- Export - This function exports a secret to the
<secret-name>.secretfile in the browser's default folder. - Delete - Deletes the secret after the intention is confirmed.
Note
Following the deletion, the page is refreshed. The time it takes to refresh the presented page depends on the number of keys in the partition.